mirror of
https://github.com/cookiecutter/cookiecutter-django.git
synced 2025-08-07 13:34:53 +03:00
403 when viewing other user's profile
This commit is contained in:
parent
207a9e576c
commit
1e3714390e
|
@ -5,6 +5,7 @@ from django.utils.translation import gettext_lazy as _
|
|||
from django.views.generic import DetailView
|
||||
from django.views.generic import RedirectView
|
||||
from django.views.generic import UpdateView
|
||||
from django.core.exceptions import PermissionDenied
|
||||
|
||||
from {{ cookiecutter.project_slug }}.users.models import User
|
||||
|
||||
|
@ -19,6 +20,11 @@ class UserDetailView(LoginRequiredMixin, DetailView):
|
|||
slug_url_kwarg = "username"
|
||||
{%- endif %}
|
||||
|
||||
def get_object(self, queryset=None):
|
||||
obj = super().get_object(queryset)
|
||||
if obj.id != self.request.user.id:
|
||||
raise PermissionDenied
|
||||
return obj
|
||||
|
||||
user_detail_view = UserDetailView.as_view()
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user